Click here to expand

    Symantec DLP Application

    Symantec DLP Application

    EventLog Analyzer collects log data from Symnatec DLP Applications and presents it in the form of graphical reports. For the solution to start collecting this log data, the it has to be added as a threat source.

    Adding a Symantec DLP Application device as a threat source:

    To add a Symnatec DLP Application device as a threat source, the syslog service has to be configured.

    1. Locate and open the config\Manager.properties file. The file path is as follows
      • Windows - \SymantecDLP\Protect\config directory
      • Linux - /opt/SymantecDLP/Protect/config directory
    2. Uncomment the systemevent.syslog.host= line and specify the EventLog Analyzer server IP address as follows:
      systemevent.syslog.host=xxx.xx.xx.xxx
    3. Uncomment the systemevent.syslog.port= line and specify 514 as the port to accept connections from the Symantec Enforce Server as follows:
      systemevent.syslog.port=514
    4. After making the above mentioned changes, save and close the properties file.
    FireEye Threat Solutions
    1. In the EventLog Analyzer console, navigate to Settings > Configurations > Manage Threat Source > Add Source
    2. Click on Existing Host and select the device you had added from the list of existing devices.
    3. Select the Addon Type from the list.
    4. Click on Add.

    Once the threat source is added, EventLog Analyzer will start parsing the fields in the logs. This log data can now be viewed in the form of reports.

    The reports provide information on the top:

    Additionally, a Symantec DLP overview report is also provided.

    Don't see what you're looking for?

    •  

      Visit our community

      Post your questions in the forum.

       
    •  

      Request additional resources

      Send us your requirements.

       
    •  

      Need implementation assistance?

      Try onboarding

       
    Get download link